authortron <tron@pkgsrc.org>2014-04-29 08:37:02 +0000
committertron <tron@pkgsrc.org>2014-04-29 08:37:02 +0000
commit893272a422b72b742b54a0043140a2b121bff6ef (patch)
treef7d92b65bfc9d89ed44d13d87fe3a66bcedddbe5 /net
parentd67ac15792dc3ebd5bad246fe0b7df5d01b75ee4 (diff)
downloadpkgsrc-893272a422b72b742b54a0043140a2b121bff6ef.tar.gz
Pullup ticket #4389 - requested by he
net/freeradius2: security patch Revisions pulled up: - net/freeradius2/Makefile 1.35 - net/freeradius2/distinfo 1.16 - net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c 1.1 --- Module Name: pkgsrc Committed By: he Date: Sun Apr 27 12:10:56 UTC 2014 Modified Files: pkgsrc/net/freeradius2: Makefile distinfo Added Files: pkgsrc/net/freeradius2/patches: patch-src_modules_rlm__pap_rlm__pap.c Log Message: Add a patch to fix CVE-2014-2015, a buffer overflow vulnerability. Patch taken from https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a
Diffstat (limited to 'net')
-rw-r--r--net/freeradius2/Makefile4
-rw-r--r--net/freeradius2/distinfo3
-rw-r--r--net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c26
3 files changed, 30 insertions, 3 deletions
diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index 8febd5817d0..d7a8b6a1c7e 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2014/02/12 23:18:20 tron Exp $
+# $NetBSD: Makefile,v 1.34.2.1 2014/04/29 08:37:02 tron Exp $
DISTNAME= freeradius-server-${RADVER}
PKGNAME= ${DISTNAME:S/-server//}
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/
EXTRACT_SUFX= .tar.bz2
diff --git a/net/freeradius2/distinfo b/net/freeradius2/distinfo
index 851bae7d13f..66687179f9e 100644
--- a/net/freeradius2/distinfo
+++ b/net/freeradius2/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.15 2013/04/12 13:45:47 joerg Exp $
+$NetBSD: distinfo,v 1.15.8.1 2014/04/29 08:37:02 tron Exp $
SHA1 (freeradius-server-2.2.0.tar.bz2) = 8710b21972072241219f006d26f609cb58875cda
RMD160 (freeradius-server-2.2.0.tar.bz2) = 243569a7ad93b292439e6938be8102dba12b843d
@@ -12,3 +12,4 @@ SHA1 (patch-aj) = 865882e6e6e935276529b98616c9059c555272b9
SHA1 (patch-ak) = 751aba6a3f9716279f3a87871cf7008b7a921f9a
SHA1 (patch-al) = 6d68e3e2d7dd50675f142be974b277da0f664c8b
SHA1 (patch-man_man5_dictionary.5) = cc662beeb2351501c9761e4ce6fc8402c7907b30
+SHA1 (patch-src_modules_rlm__pap_rlm__pap.c) = 595c5dafb22d71fbcb00974e4fc56a1fd1e7c7c3
diff --git a/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c b/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c
new file mode 100644
index 00000000000..6e7c2aa97bc
--- /dev/null
+++ b/net/freeradius2/patches/patch-src_modules_rlm__pap_rlm__pap.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-src_modules_rlm__pap_rlm__pap.c,v 1.1.2.2 2014/04/29 08:37:02 tron Exp $
+
+Increase buffer size, and use output buffer size as limit for hex2bin.
+Should fix CVE-2014-2015, patch from
+https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a
+
+--- src/modules/rlm_pap/rlm_pap.c.orig 2012-09-10 11:51:34.000000000 +0000
++++ src/modules/rlm_pap/rlm_pap.c
+@@ -245,7 +245,7 @@ static int base64_decode (const char *sr
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+ size_t decoded;
+- uint8_t buffer[64];
++ uint8_t buffer[256];
+
+ if (min_length >= sizeof(buffer)) return; /* paranoia */
+
+@@ -253,7 +253,7 @@ static void normify(REQUEST *request, VA
+ * Hex encoding.
+ */
+ if (vp->length >= (2 * min_length)) {
+- decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);
++ decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));
+ if (decoded == (vp->length >> 1)) {
+ RDEBUG2("Normalizing %s from hex encoding", vp->name);
+ memcpy(vp->vp_octets, buffer, decoded);
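Review bot: The bound added on the `fr_hex2bin` line covers only the hex branch of normify(); the remainder of the function, including any other decoding into the same `buffer`, lies outside this hunk, so the pkgsrc patch should be checked against the cited upstream commit 0d606cfc29a to confirm that no other unbounded write into `buffer` remains. The `memcpy(vp->vp_octets, buffer, decoded)` on the last line copies `decoded` bytes where the preceding test fixes `decoded == vp->length >> 1`, so the copy is bounded by the source string's length rather than by the enlarged 256-byte buffer — presumably fine, but vp_octets' capacity is not visible here and is worth confirming. The patch file's own header hedges with "Should fix CVE-2014-2015"; a one-line note such as `Bounds the hex-decode path of normify(); see the upstream commit for the complete fix.` would make the patch's coverage explicit to the next updater.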